From 83aee7952f4332951327af92a1eb6b12f4d3ad08 Mon Sep 17 00:00:00 2001
From: Kat <54268893+kosiakkatrina@users.noreply.github.com>
Date: Wed, 11 Dec 2024 14:35:51 +0000
Subject: [PATCH] Do not put error objects into cookies

---
 app/controllers/form_controller.rb | 8 ++++++--
 spec/requests/form_controller_spec.rb | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb
index 7ce63e609..b452cb263 100644
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@@ -38,7 +38,11 @@ class FormController < ApplicationController
 error_attributes = @log.errors.map(&:attribute)
 Rails.logger.info "User triggered validation(s) on: #{error_attributes.join(', ')}"
 @subsection = form.subsection_for_page(@page)
- flash[:errors] = @log.errors
+ flash[:errors] = @log.errors.each_with_object({}) do |error, result|
+ if @page.questions.map(&:id).include?(error.attribute.to_s)
+ result[error.attribute.to_s] = error.message
+ end
+ end
 flash[:log_data] = responses_for_page
 redirect_to send("#{@log.class.name.underscore}_#{@page.id}_path", @log, { referrer: request.params["referrer"], original_page_id: request.params["original_page_id"], related_question_ids: request.params["related_question_ids"] })
 end
@@ -116,7 +120,7 @@ private
 return unless previous_errors

 previous_errors.each do |attribute, message|
- @log.errors.add attribute, message.first
+ @log.errors.add attribute, message.html_safe
 end
 end

diff --git a/spec/requests/form_controller_spec.rb b/spec/requests/form_controller_spec.rb
index e727d8acc..fbbd5fc85 100644
--- a/spec/requests/form_controller_spec.rb
+++ b/spec/requests/form_controller_spec.rb
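Review bot: In the first hunk of app/controllers/form_controller.rb (new line 41), `result[error.attribute.to_s] = error.message` overwrites on every iteration, so an attribute with several errors keeps only its last message, while the restore path used to take `message.first`. Writing `result[error.attribute.to_s] ||= error.message` keeps the first one. The list `@page.questions.map(&:id)` is also rebuilt for each error; assigning `page_question_ids = @page.questions.map(&:id)` before the block would read better. The enclosing action starts and ends outside the hunk.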
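Review bot: In the second hunk of app/controllers/form_controller.rb (new line 123), `message.html_safe` marks every message restored from the flash as trusted HTML, so a validation message that interpolates a user-entered value would be rendered unescaped. Whether any message does that is not visible here, but a safer restore is `@log.errors.add attribute, helpers.sanitize(message)`, which keeps permitted markup and strips the rest. A flash written before this change may still hold arrays (the removed line called `message.first`), and `html_safe` would raise on those during a rollout. The method's `def` line is outside the hunk.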
@@ -723,6 +723,26 @@ RSpec.describe FormController, type: :request do
 end
 end
 end
+
+ context "with long error messages" do
+ let(:sales_log) { create(:sales_log, :completed, assigned_to: user) }
+ let(:page_id) { "purchase_price" }
+ let(:params) do
+ {
+ id: sales_log.id,
+ sales_log: {
+ page: page_id,
+ "value" => 1,
+ },
+ }
+ end
+
+ it "can deal with long error messages" do
+ post "/sales-logs/#{sales_log.id}/#{page_id.dasherize}", params: params
+ follow_redirect!
+ expect(page).to have_content("There is a problem")
+ end
+ end
 end

 context "with invalid organisation answers" do
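Review bot: The new example asserts only the generic heading `There is a problem`, so it would still pass if the per-question message were dropped or altered on its way through the flash. An expectation on the message text shown for the `value` question would pin that behaviour. A second example with markup in a submitted value would confirm that the restored message is still escaped when rendered. A comment above the context such as `# Regression: the full errors object was previously stored in the flash` would record why it exists; the exact failure mode is inferred from the commit subject.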